
CryptON Ransomware Support & Help Topic (<id-number>_x3m, _locked, _r9oj)


424 replies to this topic

#376 robinnnn

robinnnn

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:19 AM

Posted 04 August 2017 - 12:45 PM

mk.stryker@aol.com is a criminal who should not be paid for his services. 




#377 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,048 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:19 AM

Posted 04 August 2017 - 03:04 PM

> I don't have a backup for all files, do you know any solution or any other platform who can decrypt my files and does mk.stryker@aol.com decrypt files for me.
>
> Should I pay him more, will it be fine?

Most security experts will advise against paying the ransom demands of the malware writers because doing so only helps to finance their criminal enterprise and keep them in business. One of the reasons that folks get infected is because someone before them paid the bad guys to decrypt their data. The more people that pay the ransom, the more cyber-criminals are encouraged to keep creating ransomware for financial gain. Further, there is no guarantee that paying the ransom will actually result in the restoration (decryption) of your files.

Some ransomware victims have reported they paid the ransom and were successful in decrypting their data. Some victims have reported paying the ransom only to discover the criminals wanted more money...demanding additional payments with threats the data would be destroyed or exposed. Still others have reported they paid but the cyber-criminals did not provide a decryptor or a key to decrypt the files, while others reported the decryption software and/or key they received did not work or resulted in errors. Most cyber-criminals provide instructions in the ransom note that allow their victims to submit one or two limited size files for free decryption as proof they can decrypt the files. However, decryption in bulk may not always work properly or work at all. In some cases victims may actually be dealing with scam ransomware where the malware writers have no intention or capability of decrypting files after the ransom is paid.

Keep all this in mind if you are considering paying the ransom since there is never a guarantee decryption will be successful or that the decrypter provided by the cyber-criminals will work as they claim...and using a faulty or incorrect decryptor may damage or corrupt the files even further. The criminals may even send you something containing more malware...so why should you trust anything provided by those who infected you in the first place.

As with most ransomware infections...the best solution for dealing with encrypted data is to restore from backups. Other possible options include using native Windows Previous Versions or programs like Shadow Explorer and ShadowCopyView if the malware did not delete all shadow copy snapshots as it typically does or the encrypted process was interrupted. It never hurts to try in case the malware did not do what it was supposed to do...it is not uncommon for these infections to sometimes fail to delete the Shadow Volume Copies. In some cases the use of file recovery software such as R-Studio or Photorec may be helpful to recover some of your original files but there is no guarantee that will work either...again, it never hurts to try.

If that is not a viable option and if there is no free decryption tool, the only other alternative to paying the ransom is to backup/save your encrypted data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#378 i05fpattack

i05fpattack

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:19 PM

Posted 06 August 2017 - 10:02 AM

BTW, is there anyone here who paid and got his files decrypted from mk.stryker@aol.com?


Edited by i05fpattack, 06 August 2017 - 10:02 AM.


#379 imyma

imyma

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:19 PM

Posted 08 August 2017 - 02:16 PM

LL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED
 
X3m Ransomware
 
To decrypt your files you need to buy the special software – «X3m decryptor»
 
To recover data, follow the instructions!
 
 
 
 
You can find out the details / buy decryptor + key / ask questions by email:
yotabyte@protonmail.com
 
 
### OR contact by online chat ###
 
 
https://l2r7cz455k6bdu2o.onion.to, https://l2r7cz455k6bdu2o.onion.cab, https://l2r7cz455k6bdu2o.hiddenservice.net (not need Tor)
 
 
If the resources is not available for a long time, install and use the Tor-browser:
1. Run your Internet-browser
2. Enter or copy the address https://www.torproject.org/download/download-easy.html in the address bar of your browser and press key ENTER
3. On the site will be offered to download the Tor-browser, download and install it. Run.
4. Connect with the button "Connect" (if you use the English version)
5. After connection, the usual Tor-browser window will open
6. Enter or copy the address http://l2r7cz455k6bdu2o.onion in the address bar of Tor-browser and press key ENTER
7. Wait for the site to load
 
 
// If you have any problems installing or using, please visit the video tutorial


#380 i05fpattack

i05fpattack

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:19 PM

Posted 10 August 2017 - 04:51 AM

 

> LL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED
>
> X3m Ransomware
>
> To decrypt your files you need to buy the special software – «X3m decryptor»
>
> To recover data, follow the instructions!
>
> You can find out the details / buy decryptor + key / ask questions by email:
> yotabyte@protonmail.com
>
> ### OR contact by online chat ###
>
> https://l2r7cz455k6bdu2o.onion.to, https://l2r7cz455k6bdu2o.onion.cab, https://l2r7cz455k6bdu2o.hiddenservice.net (not need Tor)
>
> If the resources is not available for a long time, install and use the Tor-browser:
> 1. Run your Internet-browser
> 2. Enter or copy the address https://www.torproject.org/download/download-easy.html in the address bar of your browser and press key ENTER
> 3. On the site will be offered to download the Tor-browser, download and install it. Run.
> 4. Connect with the button "Connect" (if you use the English version)
> 5. After connection, the usual Tor-browser window will open
> 6. Enter or copy the address http://l2r7cz455k6bdu2o.onion in the address bar of Tor-browser and press key ENTER
> 7. Wait for the site to load
>
> // If you have any problems installing or using, please visit the video tutorial

 

this is for what?



#381 imyma

imyma

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:19 PM

Posted 10 August 2017 - 05:22 AM

this cry36

 

X3m decryptor required?

 

any idea?


Edited by imyma, 10 August 2017 - 05:22 AM.


#382 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,048 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:19 AM

Posted 10 August 2017 - 06:22 AM

Cry9, Cry36, Cry128, X3M, Nemesis are all CryptON Ransomware variants.

Cry36 is not decryptable at this time. If possible, your best option is to restore from backups.

#383 imyma

imyma

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:19 PM

Posted 11 August 2017 - 10:12 PM

> Cry9, Cry36, Cry128, X3M, Nemesis are all CryptON Ransomware variants.
>
> Cry36 is not decryptable at this time. If possible, your best option is to restore from backups.



it is decryptable
and i'll prove that soon!

#384 i05fpattack

i05fpattack

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:19 PM

Posted 12 August 2017 - 05:27 AM

> > Cry9, Cry36, Cry128, X3M, Nemesis are all CryptON Ransomware variants.
> >
> > Cry36 is not decryptable at this time. If possible, your best option is to restore from backups.
>
> it is decryptable
> and i'll prove that soon!

 

WHAT DO YOU MEAN?



#385 lamz138138

lamz138138

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 13 August 2017 - 09:07 PM

> > Cry9, Cry36, Cry128, X3M, Nemesis are all CryptON Ransomware variants.
> >
> > Cry36 is not decryptable at this time. If possible, your best option is to restore from backups.
>
> it is decryptable
> and i'll prove that soon!

 

Hi, did you find a method to decrypt these files?



#386 imyma

imyma

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:19 PM

Posted 13 August 2017 - 09:22 PM

I just would like to inform everyone that I am very close to issuing the official decryption tools for cry9, cry128 and cry36.

Pls don't pay for decryption and be patient.

 

Thank you 



#387 lamz138138

lamz138138

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 13 August 2017 - 09:28 PM

> I just would like to inform everyone that I am very close to issuing the official decryption tools for cry9, cry128 and cry36.
>
> Pls don't pay for decryption and be patient.
>
> Thank you

OK, hope you are successful very soon, my computer was infected a month ago... When you can decrypt it, please tell me!

Best wishes!

 

Thank you!



#388 andrewlancy

andrewlancy

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:19 PM

Posted 14 August 2017 - 01:17 AM

Hope you can do it at the earliest, Mine also got infected

 

Best Wishes



#389 529440

529440

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 14 August 2017 - 07:46 AM

 

 

> it is decryptable
> and i'll prove that soon!

I advise you not to believe such fakes. In the best case, you will lose money, at worst you will be infected.
Think logically: emsisoft, eset, avast, kaspersky, etc for a long time could not crack the encryption, then why some "Vasya" can do it.
 
---------------
Information for all:
The affiliate program Nemesis and X3m will be closed soon. Companies to restore files will not help you. Free keys (master keys) will not be released. Therefore, I advise you to take care of buying the key in advance.
You can always contact the operator, contacts for communication are indicated in file "DECRYPT MY FILES.txt/html/hta".


#390 js79

js79

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:19 AM

Posted 14 August 2017 - 07:53 AM

Hello everyone. I also was hit a few days ago. All my files were renamed to xxx.id_2734275178_[Brazzers@aolonline.top].nemesis. I uploaded a sample to ID Ransomware and it came back as cry36. I've tried almost every decrypter I could find but no luck. I do get an error when attempting to use the Crypton decrypter from Emsisoft, error says reference file missing. Is there anyone out there that can help?
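
Added example, not part of the thread or any poster's code: a read-only Python inventory of files renamed in the pattern quoted in post #390, grouped by victim ID, contact address and extension, so the encrypted set can be identified and preserved as is. The regular expression generalizes from that single filename and is an assumption, as are the function names and the constructed sample tree.

```python
import os
import re
import tempfile
from collections import Counter

# Pattern taken from the renamed file quoted in post #390:
#   <original name>.id_<digits>_[<contact address>].<variant extension>
# Assumption: the ID is always decimal digits and the contact sits in [].
RENAMED = re.compile(
    r"^(?P<original>.+)\.id_(?P<victim_id>\d+)_"
    r"\[(?P<contact>[^\]]+)\]\.(?P<variant>[A-Za-z0-9]+)$"
)

def parse_name(filename):
    """Return the parts of a renamed file, or None if the name does not match."""
    m = RENAMED.match(filename)
    return m.groupdict() if m else None

def inventory(root):
    """Walk root without modifying it; count matches per (id, contact, variant)."""
    groups, unmatched = Counter(), 0
    for _dirpath, _dirs, files in os.walk(root):
        for name in files:
            parts = parse_name(name)
            if parts is None:
                unmatched += 1
            else:
                key = (parts["victim_id"], parts["contact"], parts["variant"])
                groups[key] += 1
    return groups, unmatched

def demo():
    """Build a constructed sample tree of empty files and inventory it."""
    names = [
        "report.docx.id_2734275178_[Brazzers@aolonline.top].nemesis",
        "photo.jpg.id_2734275178_[Brazzers@aolonline.top].nemesis",
        "notes.txt",             # constructed: a file that was not renamed
        "DECRYPT MY FILES.txt",  # ransom note name mentioned in post #389
    ]
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for i, name in enumerate(names):
            sub = "docs" if i % 2 else ""
            open(os.path.join(root, sub, name), "w").close()
        return inventory(root)

if __name__ == "__main__":
    groups, unmatched = demo()
    for (vid, contact, variant), n in groups.items():
        print(f"id={vid} contact={contact} variant={variant} files={n}")
    print(f"files not matching the pattern: {unmatched}")
```

More than one group in the result means files carry different IDs, contacts or extensions, which is worth noting before submitting samples for identification.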
